<?php
/**
 * @APP@
 *
 * PHP versions 5
 *
 * @category   BEAR
 * @package    App
 * @subpackage App_Acl
 * @author     $Author: anonymous $ <anonymous@example.com>
 * @license
 * @version    SVN: Release: $Id:$
 */

/**
 * アクセスコントロールクラス
 *
 * ページとリソースに対するアクセスコントロールを設定します。
 *
 * @category   BEAR
 * @package    App
 * @subpackage App_Acl
 * @author     $Author: anonymous $ <anonymous@example.com>
 * @copyright  anonymous All rights reserved.
 * @license
 * @version    SVN: Release: $Id:$
 */
class App_Acl extends BEAR_Base
{
    /**
     * コンストラクタ
     *
     * @param array $config 設定
     *
     */
    public function __construct(array $config)
    {
        parent::__construct($config);
    }

    /**
     * Injector
     *
     * @return void
     */
    public function onInject(){
        // ロール
        $this->_acl = new Zend_Acl();
        $this->_acl->addRole(new Zend_Acl_Role('guest'))
        ->addRole(new Zend_Acl_Role('member'), 'guest')
        ->addRole(new Zend_Acl_Role('owner'), 'member')
        ->addRole(new Zend_Acl_Role('admin'), 'owner');
        // 全否定
        $this->_acl->deny('guest', null, 'read');
        //ページ
        $this->_acl->add(new Zend_Acl_Resource('Page_Index'));
        $this->_acl->allow('guest', 'Page_Index', 'read');
        $this->_acl->add(new Zend_Acl_Resource('Page_User_Create'));
        $this->_acl->allow('guest', 'Page_User_Create', 'read');
        $this->_acl->add(new Zend_Acl_Resource('Page_User_Activate_Index'));
        $this->_acl->allow('guest', 'Page_User_Activate_Index', 'read');
        $this->_acl->add(new Zend_Acl_Resource('Page_User_Follow_Index'));
        $this->_acl->allow('guest', 'Page_User_Follow_Index', 'read');
        $this->_acl->add(new Zend_Acl_Resource('Page_User_Multi_Index'));
        $this->_acl->allow('guest', 'Page_User_Multi_Index', 'read');
        $this->_acl->add(new Zend_Acl_Resource('Page_User_Index'));
        $this->_acl->allow('member', 'Page_User_Index', 'read');
        $this->_acl->add(new Zend_Acl_Resource('Page_User_Update'));
        // ユーザー変更ページはログインしていれば見れる
        $this->_acl->allow('member', 'Page_User_Update', 'read');
        $this->_acl->add(new Zend_Acl_Resource('Page_User_Follower_Index'));
        $this->_acl->allow('member', 'Page_User_Follower_Index', 'read');
        $this->_acl->add(new Zend_Acl_Resource('Page_User_Follower_From_Index'));
        $this->_acl->allow('member', 'Page_User_Follower_From_Index', 'read');
        // リソース
        $this->_acl->add(new Zend_Acl_Resource('App_Ro_User'));
        $this->_acl->allow('guest', 'App_Ro_User', 'create');
        $this->_acl->allow('member', 'App_Ro_User', 'read');
        $this->_acl->allow('owner', 'App_Ro_User', 'update');
        $this->_acl->allow('admin', 'App_Ro_User', 'delete');
        $this->_acl->add(new Zend_Acl_Resource('App_Ro_Entry'));
        $this->_acl->allow('owner', 'App_Ro_Entry', 'create');
        $this->_acl->allow('member', 'App_Ro_Entry', 'read');
        $this->_acl->allow('owner', 'App_Ro_Entry', 'update');
        $this->_acl->allow('owner', 'App_Ro_Entry', 'delete');
        $this->_acl->add(new Zend_Acl_Resource('App_Ro_User_Login'));
        $this->_acl->allow('guest', 'App_Ro_Entry', 'read');
        $this->_acl->add(new Zend_Acl_Resource('App_Ro_User_Activate'));
        $this->_acl->allow('guest', 'App_Ro_User_Activate', 'read');
        $this->_acl->add(new Zend_Acl_Resource('App_Ro_User_Profile'));
        $this->_acl->allow('guest', 'App_Ro_User_Profile', 'read');
        $this->_acl->allow('owner', 'App_Ro_User_Profile', 'create');
        $this->_acl->allow('owner', 'App_Ro_User_Profile', 'update');
        $this->_acl->allow('owner', 'App_Ro_User_Profile', 'delete');
        $this->_acl->allow('admin');
    }

    /**
     * アクセス制限
     *
     * @return unknown_type
     */
    public function allow($role, $resouceId, $access = 'read')
    {
        $isAllowed = $this->_acl->isAllowed($role, $resouceId, $access);
        $info = compact('resouceId', 'role', 'access', 'isAllowed');
        BEAR::dependency('BEAR_Log')->log('ACL', $info);
        return $isAllowed;
    }
}
